Add offset_ and size_ safely in LoaderExifJpeg::LoaderExifJpeg
offset_ can become arbitrarily large and overflows once it's added to size_,
this causes all kinds of problems further in the code when offset_ is used
again.
=> Use Safe::add() to catch potential overflows
This fixes Exiv2#365.
D4N committed Jun 11, 2018
1 parent 8393064 commit 937a1a2
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/preview.cpp
Expand Up @@ -33,6 +33,7 @@
#include "preview.hpp"
#include "futils.hpp"
#include "enforce.hpp"
#include "safe_op.hpp"

#include "image.hpp"
#include "cr2image.hpp"
Expand Down Expand Up @@ -545,7 +546,8 @@ namespace {
}
}

if (offset_ + size_ > static_cast<uint32_t>(image_.io().size())) return;
if (Safe::add(offset_, size_) > static_cast<uint32_t>(image_.io().size()))
return;

valid_ = true;
}
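
Review bot: The new check `Safe::add(offset_, size_) > static_cast<uint32_t>(image_.io().size())` reports overflow by throwing, whereas the check it replaces rejected bad input with a plain `return` that left `valid_` unset. A crafted offset_ now propagates an exception out of the LoaderExifJpeg constructor instead of yielding an invalid loader, so either confirm every caller that constructs loaders handles that exception, or keep the non-throwing contract by comparing without the addition, for example rejecting when offset_ exceeds the io size and then when size_ exceeds the io size minus offset_. Separately, the right-hand side still narrows `image_.io().size()` to uint32_t; if size() can return a wider value or a negative error code, the cast changes the bound silently, so it is worth validating that value before the comparison.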